[BreachExchange] Ransomware Attack Hits Louisiana State Servers

Destry Winant destry at riskbasedsecurity.com
Thu Nov 21 09:54:31 EST 2019


https://www.securityweek.com/ransomware-attack-hits-louisiana-state-servers

Louisiana Governor John Bel Edwards on Monday revealed that a
ransomware attack hit state servers, prompting a response from the
state’s cyber-security team.

The incident appears to have affected only some of the state’s
servers, but the Office of Technology Services (OTS) decided to take
all of the servers offline in an effort to ensure that the infection
was contained.

“Today, we activated the state's cybersecurity team in response to an
attempted ransomware attack that is affecting some state servers. The
Office of Technology Services identified a cybersecurity threat that
affected some, but not all state servers,” Gov. Edwards announced on
Twitter.

The ransomware attack, he revealed, impacted many state agencies’
email, websites and other online applications.

According to local news reports, the Office of Motor Vehicles (OMV)
and the Louisiana Department of Health (LDH) were among the affected
services.

“The service interruption was due to OTS’ aggressive response to
prevent additional infection of state servers and not due to the
attempted ransomware attack,” Gov. Edwards said.

While the affected services started to come back online on Monday
afternoon, it might still take several days before they are fully
restored.

The state did not pay a ransom in this attack and no data loss should
have resulted from the incident. Federal agencies are investigating
the incident, Gov. Edwards said.

According to OTS, the attempted assault is similar to the ransomware
attacks that targeted local school districts and government entities
over the summer.

In July, Louisiana declared an emergency in response to a malware
attack targeting three school systems in Sabine and Morehouse parishes
and the City of Monroe.

Days later, a fourth Louisiana school district, Tangipahoa Parish, was
hit by a cyberattack. The incident resulted in phone lines and email at
schools and some offices being shut down.

The malware used in this week’s attack was the Ryuk ransomware,
typically distributed via phishing emails, said Seth Blank, director
of Industry Initiatives at Valimail and co-chairman of the Election
Security Special Interest Group (ES-SIG) of the email industry group
M3AAWG.

“It's not a coincidence that Louisiana's systems were attacked during
an election. While it’s fortunate the incident does not appear to have
disrupted election activity, we can expect to see similar attacks as
the 2020 election draws near, and other states may not be so lucky.
Given how many cities have been taken offline due to ransomware,
there’s a very real threat to election integrity for municipalities
that implement computer-based voting, electronic pollbooks, digital
vote tabulation, or digital transmission of voting results — which is
to say, virtually all of them,” Blank told SecurityWeek.

“To stop these crippling cyberattacks, state and local governments
need to implement proper best practices, starting by locking down the
primary vector for such attacks by preventing the phish from getting
to inboxes in the first place — which can be done by validating sender
identity. Implementing DMARC is the critical first step,” Blank added.

“State and local governments across the United States have been
experiencing an outbreak of ransomware attacks in 2019,” Kimberly
Goody, manager of FireEye’s Cybercrime Analysis unit, said in an
emailed comment to SecurityWeek. “Initial analysis suggests that
publicly reported incidents have nearly doubled in comparison to 2018.
Typically, these attacks have involved the distribution of ransomware
post compromise en masse through a victim environment. This
methodology allows threat actors to maximize their disruption of the
victim organization, effectively increasing the likelihood that the
victim will acquiesce to ransom demands.”

